Update tests

src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/FileHandlerConstants.java

@@ -17,6 +17,7 @@ public class FileHandlerConstants {
     public static final Path JAVA_REFLECTION_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "reflection-methods.txt");
     public static final Path JAVA_COMMAND_EXECUTION_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "command-execution-methods.txt");
     public static final Path JAVA_THREAD_CREATION_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "thread-creation-methods.txt");
+    public static final Path JAVA_CLASSLOADER_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "classloader-methods.txt");;
 
     private FileHandlerConstants() {
         throw new UnsupportedOperationException(localized("security.general.utility.initialization"));

src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/postcompile/JavaArchitectureTestCaseCollection.java

@@ -153,4 +153,11 @@ public boolean test(JavaAccess<?> javaAccess) {
             FileHandlerConstants.JAVA_THREAD_CREATION_METHODS
     );
     //</editor-fold>
+
+    //<editor-fold desc="ClassLoader related rule">
+    public static final ArchRule NO_CLASSES_SHOULD_USE_CLASSLOADERS = createNoClassShouldHaveMethodRule(
+            "uses ClassLoaders",
+            FileHandlerConstants.JAVA_CLASSLOADER_METHODS
+    );
+    //</editor-fold>
 }

src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java

@@ -217,7 +217,7 @@ private void createSecurityTestCases() {
                 (Supplier<List<?>>) resourceAccesses::regardingFileSystemInteractions,
                 (Supplier<List<?>>) resourceAccesses::regardingNetworkConnections,
                 (Supplier<List<?>>) resourceAccesses::regardingCommandExecutions,
-//                (Supplier<List<?>>) resourceAccesses::regardingThreadCreations,
+                (Supplier<List<?>>) resourceAccesses::regardingThreadCreations,
         };
         IntStream
                 .range(0, methods.length)
@@ -323,6 +323,7 @@ public void executeSecurityTestCases() {
         //<editor-fold desc="Enforce fixed rules code">
         JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_USE_REFLECTION.check(classes);
         JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_TERMINATE_JVM.check(classes);
+        JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_USE_CLASSLOADERS.check(classes);
         //</editor-fold>
 
         //<editor-fold desc="Enforce variable rules code">

src/main/resources/de/tum/cit/ase/ares/api/templates/architecture/java/archunit/methods/thread-creation-methods.txt

@@ -153,6 +153,7 @@ java.util.concurrent.DelayQueue.take()
 java.util.concurrent.ExecutorService.close()
 java.util.concurrent.ForkJoinPool.managedBlock(java.util.concurrent.ForkJoinPool$ManagedBlocker)
 java.util.concurrent.ForkJoinPool.close()
+java.util.concurrent.ForkJoinPool
 java.util.concurrent.ForkJoinTask.inForkJoinPool()
 java.util.concurrent.ForkJoinTask.fork()
 java.util.concurrent.ForkJoinTask.getPool()

src/test/java/de/tum/cit/ase/ares/integration/testuser/ThreadUser.java

@@ -1,8 +1,5 @@
 package de.tum.cit.ase.ares.integration.testuser;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.jupiter.api.Assertions.*;
-
 import java.nio.file.Path;
 import java.util.concurrent.*;
 import java.util.concurrent.atomic.AtomicReference;
@@ -15,7 +12,11 @@
 import de.tum.cit.ase.ares.api.jupiter.PublicTest;
 import de.tum.cit.ase.ares.api.localization.UseLocale;
 //REMOVED: Import of ArtemisSecurityManager
-import de.tum.cit.ase.ares.integration.testuser.subject.ThreadPenguin;
+import de.tum.cit.ase.ares.integration.testuser.subject.threads.ThreadPenguin;
+
+import static org.assertj.core.api.Fail.fail;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 
 @UseLocale("en")
 @AllowThreads(maxActiveCount = 100)
@@ -27,6 +28,10 @@
 @SuppressWarnings("static-method")
 public class ThreadUser {
 
+	@PublicTest
+	@Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/threads")
+	void threadAccessTest() {}
+
 	@PublicTest
 	void commonPoolInterruptable() throws InterruptedException, ExecutionException {
 		// check functionality
@@ -101,12 +106,6 @@ void threadWhitelistingWithPathPenguin() throws Throwable {
 		ThreadPenguin.tryThreadWhitelisting();
 	}
 
-	/**
-	 * This can be used to check for Threads that are not stoppable. This should
-	 * never happen, but it could. Note that this test beaks all further ones,
-	 * because the security manager will not be uninstalled and block everything. It
-	 * works by catching the {@link ThreadDeath}.
-	 */
 //	@PublicTest
 //	void zz_unstoppable() {
 //		long t = System.currentTimeMillis();

src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/ThreadPenguin.java → src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/threads/ThreadPenguin.java

@@ -1,8 +1,9 @@
-package de.tum.cit.ase.ares.integration.testuser.subject;
-
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+package de.tum.cit.ase.ares.integration.testuser.subject.threads;
 
 import java.nio.file.Path;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 
 //REMOVED: Import of ArtemisSecurityManager
@@ -29,9 +30,7 @@ public static void tryStartTwoThreads() {
 				// ignore
 			}
 		});
-		assertDoesNotThrow(() -> {
-			t1.start();
-		});
+		t1.start();
 
 		new Thread().start();
 	}
@@ -63,12 +62,48 @@ public static void spawnEndlessThreads() {
 
 	public static void tryThreadWhitelisting() throws Throwable {
 		AtomicReference<Throwable> failure = new AtomicReference<>();
-		Thread t = new Thread(() -> Path.of("pom.xml").toFile().canWrite());
+		Thread t = new Thread(() -> failure.set(new SecurityException("Thread not whitelisted")));
 		//REMOVED: Thread-whitelisting-request to ArtemisSecurityManager
 		t.setUncaughtExceptionHandler((t1, e) -> failure.set(e));
 		t.start();
 		t.join();
 		if (failure.get() != null)
 			throw failure.get();
 	}
+
+	void threadWhitelistingWithPathFail() throws Throwable {
+		AtomicReference<Throwable> failure = new AtomicReference<>();
+		Thread t = new Thread(() -> failure.set(new SecurityException("Thread not whitelisted")));
+		t.setUncaughtExceptionHandler((t1, e) -> failure.set(e));
+		t.start();
+		t.join();
+		if (failure.get() != null)
+			throw failure.get();
+	}
+
+	void commonPoolInterruptable() throws InterruptedException, ExecutionException {
+		// check functionality
+		var res = ForkJoinPool.commonPool().submit(() -> "A").get();
+		// submit long-running task
+		var task = ForkJoinPool.commonPool().submit(() -> {
+			ThreadPenguin.sleepInCurrentThread(5_000);
+		});
+		// check that the task is still running after 100 ms
+		try {
+			Thread.sleep(100);
+		} catch (@SuppressWarnings("unused") InterruptedException e) {
+			Thread.currentThread().interrupt();
+		}
+		// wait for task end
+		ForkJoinPool.commonPool().awaitQuiescence(5, TimeUnit.SECONDS);
+	}
+
+	public static void something() {
+		new ThreadPenguin().start();
+	}
+
+	@Override
+	public void start() {
+		super.start();
+	}
 }